38 lines
1.5 KiB
Markdown
38 lines
1.5 KiB
Markdown
# Security
|
|
|
|
At Corteza, the security of our products and services is important to us.
|
|
All of our source code repositories are managed through GitHub organisations.
|
|
Here is the list of [Corteza Repositories](https://github.com/orgs/cortezaproject/repositories)
|
|
|
|
If you believe you have found a security vulnerability in any Corteza repository, please report it to us as described below.
|
|
|
|
## Reporting Security Issues
|
|
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
|
|
|
Instead, please send email to [info@cortezaproject.org](mailto:info@cortezaproject.org).
|
|
|
|
You should receive a response within 24 business hours. If for some reason you do not,
|
|
please follow up via email to ensure we received your original message.
|
|
|
|
Please include the requested information listed below (as much as you can provide)
|
|
to help us better understand the nature and scope of the possible issue:
|
|
|
|
* Type of issue,
|
|
* full paths of source file(s) related to the manifestation of the issue,
|
|
* the location of the affected source code (tag/branch/commit or direct URL),
|
|
* any special configuration required to reproduce the issue,
|
|
* step-by-step instructions to reproduce the issue,
|
|
* proof-of-concept or exploit code (if possible),
|
|
* impact of the issue, including how an attacker might exploit the issue.
|
|
|
|
This information will help us triage your report more quickly.
|
|
|
|
## Preferred Languages
|
|
|
|
We prefer all communications to be in English.
|
|
|
|
## Policy
|
|
|
|
[Corteza Privacy Policy](https://cortezaproject.org/privacy-policy/)
|